<p><b>Certificate Connector for Microsoft Intune - Could not create SSL/TLS secure channel</b><br />Al Sheppard, 2023-10-16</p>
<p>We have the Certificate Connector for Microsoft Intune (v6.2301.1.0) installed on a Server 2019 box and were hitting errors in the CertificateConnector Operational event log for the PKI Revoke Service and the PKI Create Service that looked like this:</p>
<p>Error 5001 - HealthMessageUploadFailedAttempt</p>
<blockquote>Pki Revoke Service:<br />Failed to upload health messages. Requeuing messages<br />System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.<br /> at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)<br /> at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)<br /> --- End of inner exception stack trace ---</blockquote>
<p>Error 3003 - RevokeDownloadFailure</p>
<blockquote>Pki Revoke Service:<br />Failed to download Revocation requests.<br />ActivityId: xxxx<br />System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.<br /> at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)<br /> at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)<br /> --- End of inner exception stack trace ---</blockquote>
<p>Error 2 - Exception</p>
<blockquote>Pki Create Service:<br />Microsoft.Intune.Connectors.Pki.AgentRenewalProcessor.Process threw an exception.<br />System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.<br /> at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)<br /> at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)<br /> --- End of inner exception stack trace ---</blockquote>
<p>After a bit of time with our GPOs to see what might have been the cause, and Wireshark'ing packets, it came down to one GPO enabling the TLSv1.3 protocol in the registry. TLSv1.3 is not supported in this version of the OS, but the following had been set as a catch for the day when it might be:</p>
<blockquote>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]<br />"Enabled"=dword:00000001<br />"DisabledByDefault"=dword:00000000<br />[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]<br />"Enabled"=dword:00000000<br />"DisabledByDefault"=dword:00000001</blockquote>
<p style="text-align: left;">Delete those 4 lines from either the GPO or the registry and the PKI Revoke service will start downloading and uploading correctly. I can only assume that the app was written to try TLSv1.3 if it is mentioned in the registry, and it will fail (at this time).
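</p>
<p>A check for the registry trigger described above, as an added example (not code from the post): it lists any SCHANNEL "TLS 1.3" protocol keys present on the connector server and can remove them, with -WhatIf support. The GPO in the post wrote to ControlSet002; the running system reads CurrentControlSet, so both are checked.</p>

```powershell
# Added example, not code from the post. Reports the SCHANNEL "TLS 1.3" protocol keys a GPO has
# pushed onto a host and, on request, removes them so the Intune connector stops trying TLS 1.3.
# Run elevated. Removing the keys locally only proves the diagnosis: if the GPO still carries
# them they come back at the next policy refresh, so the lasting fix belongs in the GPO.
function Get-SchannelTls13Setting {
    # CurrentControlSet is an alias for one of the numbered control sets; the post's GPO wrote
    # ControlSet002, so look at all of them and report where a value actually sits.
    param([string[]]$ControlSet = @('CurrentControlSet', 'ControlSet001', 'ControlSet002'))
    foreach ($cs in $ControlSet) {
        foreach ($side in 'Client', 'Server') {
            $key = "HKLM:\SYSTEM\$cs\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\$side"
            if (-not (Test-Path -Path $key)) { continue }
            $p = Get-ItemProperty -Path $key
            [pscustomobject]@{
                Key               = $key
                Enabled           = $p.Enabled             # 1 on the Client side is what the post found
                DisabledByDefault = $p.DisabledByDefault
            }
        }
    }
}

function Remove-SchannelTls13Setting {
    # Deletes the whole TLS 1.3 protocol key (Client and Server subkeys) from the live control set.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3'
    if (-not (Test-Path -Path $base)) { Write-Verbose 'No TLS 1.3 protocol key present'; return }
    if ($PSCmdlet.ShouldProcess($base, 'Remove TLS 1.3 protocol key and its Client/Server subkeys')) {
        Remove-Item -Path $base -Recurse
    }
}

Get-SchannelTls13Setting | Format-Table -AutoSize
Remove-SchannelTls13Setting -WhatIf    # drop -WhatIf to actually remove the keys
```

After removing the keys, restart the Certificate Connector services and watch the CertificateConnector Operational log for the 5001/3003 errors to stop.
<p>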
Perhaps one day when TLSv1.3 is supported in Server 2019, it might work properly. Hope this helps someone else out there.</p>
<p><b>Veeam agent error with asynchronous read operation failed</b><br />Al Sheppard, 2021-03-31</p>
<p>We use Veeam Agent v5 (and v4, same error) for our backups and found that some Windows 2019 physical servers using a Volume level backup had recently started failing their Operating System backup with the following error.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0anzC633Cwyaej2Ve4-A0KhNhPZQ1cgtWhXvds09PqAFAMzR8V4Niq3_ija29grTyPjKki_Qz8qhtkvhtSBA9svdUXwCTLmJVv6cb8Olo-AG59D84-B6W4CCxnWiHyvGSVxmmVYYMJts/s679/error1.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="312" data-original-width="679" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0anzC633Cwyaej2Ve4-A0KhNhPZQ1cgtWhXvds09PqAFAMzR8V4Niq3_ija29grTyPjKki_Qz8qhtkvhtSBA9svdUXwCTLmJVv6cb8Olo-AG59D84-B6W4CCxnWiHyvGSVxmmVYYMJts/s320/error1.jpg" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;">The text of the error gives a little bit more to work with.</div>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">31/03/2021 10:00:43 AM :: Error: The device is not ready. Asynchronous read operation failed Failed to upload disk. Agent failed to process method {DataTransfer.SyncDisk}. Exception from server: The device is not ready. Asynchronous read operation failed Unable to retrieve next block transmission command. Number of already processed blocks: [0]. Failed to download disk '1140af5b-d567-46db-9b74-11c85ca1fb25'. </span></blockquote>
<p>So we logged a job with Veeam, and their answer was to log a job with Microsoft as it was a server error. Time to have a deeper look before we went down that path.</p><p>This was a bit strange: the jobs were happy until a round of Windows Updates some time in February. Looking at the volume picker below showed what the job was trying to back up.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYW4n8GP9dO5DR9kAEQLbnzxUVocl5ridE82iA42gTvteKA1RreqpMbpI3lTPky5AK5QmfytsIOL14MXCx2Dh4hAUll9iR-28eNdMlQpXYZilGW39ot7r8wRvsBWPfI7r4N9-BkvJSDT8/s559/error2.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="371" data-original-width="559" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYW4n8GP9dO5DR9kAEQLbnzxUVocl5ridE82iA42gTvteKA1RreqpMbpI3lTPky5AK5QmfytsIOL14MXCx2Dh4hAUll9iR-28eNdMlQpXYZilGW39ot7r8wRvsBWPfI7r4N9-BkvJSDT8/s320/error2.jpg" width="320" /></a></div><p>If we removed the Recovery volume from the selected volumes, there was an error about an incomplete backup but the job ran successfully with the remaining two volumes. Including the Recovery volume in the backup caused it to fail again. A backup of only the Recovery volume also had the same failure.</p><p>A hunt of the <a href="https://forums.veeam.com/veeam-agent-for-windows-f33/error-the-device-is-not-ready-asynchronous-read-operation-failed-failed-to-upload-disk-t65945.html" rel="nofollow" target="_blank">Veeam forums</a> showed that a few others had the same issue.</p>
<p>Hunting around with PowerShell provided this for the Recovery partition:</p>
<pre><code class="lang-powershell">(Get-Partition).Where({$_.type -eq "Recovery"}) | Format-List

UniqueId : {00000000-0000-0000-0000-100000000000}600508B1001C480977D3EE56F92B41FB
AccessPaths : {\\?\Volume{62480ffe-130d-4cfd-a21f-e44b531d5a34}\}
DiskNumber : 4
DiskPath : \\?\scsi#disk&ven_hpe&prod_logical_volume#5&25daa67a&0&000100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
DriveLetter :
Guid : {62480ffe-130d-4cfd-a21f-e44b531d5a34}
IsActive : False
IsBoot : False
IsHidden : False
IsOffline : True
IsReadOnly : False
IsShadowCopy : False
IsDAX : False
IsSystem : False
NoDefaultDriveLetter : True
Offset : 1048576
OperationalStatus : Offline
PartitionNumber : 1
Size : 499 MB
Type : Recovery</code></pre>
<p>OperationalStatus is Offline, so let's look at that. With</p>
<pre><code class="lang-powershell">(Get-Partition).Where({$_.type -eq "Recovery"}) | Set-Partition -IsOffline $False</code></pre>
<p>we set the Recovery partition online, run a backup job with the Recovery volume included, and it works. Huzzah!</p>
<p>Then a reboot to test, and we found that the Offline setting returns to $True after a reboot and the Veeam Agent job fails again. Putting the above line in a PowerShell script and running it as a Scheduled Task on Startup ensured the Recovery volume was online. Not sure if that is best practice, but it makes the job run and our backup engineer happy.</p>
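<p>The startup task described above, written out as an added example (not the post's own script): the script only touches the Recovery partition when it is actually offline, logs what it did each boot, and is registered to run as SYSTEM at startup. Script path, log path and task name are assumptions.</p>

```powershell
# Added example, not code from the post. Writes a small script that brings an offline Recovery
# partition online (the post's Set-Partition line, guarded by a check of IsOffline) and registers
# it as a startup Scheduled Task running as SYSTEM. Paths and task name are placeholders.
$ScriptPath = 'C:\Scripts\Set-RecoveryPartitionOnline.ps1'
$LogPath    = 'C:\Scripts\Set-RecoveryPartitionOnline.log'
$TaskName   = 'Bring Recovery partition online for Veeam'

$scriptBody = @"
`$log   = '$LogPath'
`$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
`$recovery = @((Get-Partition).Where({ `$_.Type -eq 'Recovery' }))
if (`$recovery.Count -eq 0) {
    Add-Content -Path `$log -Value "`$stamp no Recovery partition found"
    return
}
foreach (`$part in `$recovery) {
    `$id = "disk `$(`$part.DiskNumber) partition `$(`$part.PartitionNumber)"
    if (`$part.IsOffline) {
        `$part | Set-Partition -IsOffline `$false
        # Re-read the partition so the log records the state the backup job will actually see.
        `$after = Get-Partition -DiskNumber `$part.DiskNumber -PartitionNumber `$part.PartitionNumber
        Add-Content -Path `$log -Value "`$stamp `$id set online; OperationalStatus now `$(`$after.OperationalStatus)"
    } else {
        Add-Content -Path `$log -Value "`$stamp `$id already online"
    }
}
"@

New-Item -ItemType Directory -Path (Split-Path -Path $ScriptPath -Parent) -Force | Out-Null
Set-Content -Path $ScriptPath -Value $scriptBody -Encoding ASCII

# Run as SYSTEM at boot: Set-Partition needs an elevated context, which that principal provides.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
               -Argument "-NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File `"$ScriptPath`""
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $principal -Force | Out-Null

# Run it once now and read the log rather than waiting for a reboot to find out whether it worked.
Start-ScheduledTask -TaskName $TaskName
Start-Sleep -Seconds 10
Get-Content -Path $LogPath -Tail 3
```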
<p><b>Set-AzStorageBlobContent and Illegal characters in path</b><br />Al Sheppard, 2020-05-08</p>
Occasionally I upload some content to an Azure Blob storage account for long term archival from a Windows 2016 server using a script (upload-azure.ps1) and the Az PowerShell modules, specifically <i>Set-AzStorageBlobContent</i>.<br />
When I last ran this 4 months ago, back in Jan 2020, it went fine. I got the error below a month or so ago and just used the web interface to upload instead. Today, when I had lots of content to upload, it was time to get the script working. This is what I was getting:
<br />
<pre><code class="lang-powershell">
Set-AzStorageBlobContent : Failed to open file C:\Upload\Al.7z: Illegal characters in path..
At C:\Upload\upload-azure.ps1:95 char:13
+ Set-AzStorageBlobContent -File $FilePath -Container $cont ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzStorageBlobContent], TransferException
+ FullyQualifiedErrorId : TransferException,Microsoft.WindowsAzure.Commands.Storage.Blob.SetAzureBlobContentCommand
</code></pre>
The relevant line 95 from the script is:<br />
<pre><code class="lang-powershell">
Set-AzStorageBlobContent -File $FilePath -Container $containerName -Context $storageAccount.Context -Blob $file.Name -Metadata $Metadata
</code></pre>
I updated the Az.Storage PowerShell modules (see the fun and games <a href="https://www.alsheppard.com/2020/05/error-powershell-gallery-is-currently.html" target="_blank">here</a>) to v1.14.0 and tried again. Same issue. However, it turns out there have been some path handling changes in .NET Framework that turned up on my server recently. This article, <a href="https://docs.microsoft.com/en-gb/archive/blogs/jeremykuhne/new-net-path-handling-sneak-peek" target="_blank">https://docs.microsoft.com/en-gb/archive/blogs/jeremykuhne/new-net-path-handling-sneak-peek</a>, hints at it. Checking the basics of path handling with the command below points to something in .NET rather than in the Az commands:<br />
<pre><code class="lang-powershell">
PS C:\Users\Al> [System.IO.Path]::GetFullPath("\\?\c:\pagefile.sys")
Exception calling "GetFullPath" with "1" argument(s): "Illegal characters in path."
At line:1 char:1
+ [System.IO.Path]::GetFullPath("\\?\c:\pagefile.sys")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ArgumentException</code></pre>
Then, reading this again, <a href="https://github.com/Azure/azure-powershell/issues/8473" target="_blank">https://github.com/Azure/azure-powershell/issues/8473</a>, it now has a solution on it that is easy to apply - thanks fimcle!<br />
<pre><code class="lang-powershell">
# The AppContext switches live under Microsoft\.NETFramework (note the backslash before .NETFramework)
$registryPath = "HKLM:\SOFTWARE\Microsoft\.NETFramework\AppContext"
New-Item -Path $registryPath
New-ItemProperty -Path $registryPath -Name "Switch.System.IO.UseLegacyPathHandling" -Value "false"
</code></pre>
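The same fix as a pre-flight check, added here as an example and not code from the post or the GitHub issue: it reproduces the GetFullPath test from above as a function, and writes the AppContext switch only when the legacy path handling is still in effect. The registry key and value name are the ones the fix uses.

```powershell
# Added example, not code from the post. Tests whether the current .NET Framework process still uses
# legacy path handling (the cause of "Illegal characters in path" for \\?\ prefixed paths) and, if so,
# sets the AppContext switch the fix relies on. Run elevated; a new PowerShell process is needed afterwards.
function Test-DotNetExtendedPathHandling {
    # Legacy (pre-4.6.2 behaviour) path handling throws on the \\?\ prefix; the new handling accepts it.
    try {
        [void][System.IO.Path]::GetFullPath('\\?\C:\pagefile.sys')
        return $true
    } catch {
        return $false
    }
}

function Enable-DotNetNewPathHandling {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $key  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\AppContext'
    $name = 'Switch.System.IO.UseLegacyPathHandling'
    if (-not (Test-Path -Path $key)) {
        # -Force makes this idempotent; plain New-Item errors if the key already exists.
        New-Item -Path $key -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess($key, "Set $name = false")) {
        New-ItemProperty -Path $key -Name $name -Value 'false' -PropertyType String -Force | Out-Null
    }
}

if (Test-DotNetExtendedPathHandling) {
    'Extended-length paths are accepted; nothing to change.'
} else {
    Enable-DotNetNewPathHandling
    Write-Warning 'Switch written. Open a new PowerShell window before rerunning the upload script.'
}
```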
Run those three lines, open a new PowerShell window and huzzah, I can now upload content to my Blob storage again.
<p><b>Error "PowerShell Gallery is currently unavailable"</b><br />Al Sheppard, 2020-05-07</p>
I was trying to update some Az modules on a Windows 2016 server (PowerShell version 5.1.14393.3471, for what it's worth) today to connect to some Azure storage and thought I'd run the normal Update-Module to keep things nice and fresh. However, this time it was failing with:
<br />
<pre><code class="lang-powershell">
PS C:\Users\Al> Update-Module
Get-PSGalleryApiAvailability : PowerShell Gallery is currently unavailable. Please try again later.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:2038 char:13
+ Get-PSGalleryApiAvailability -Repository (Get-SourceName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-PSGalleryApiAvailability], InvalidOperationException
+ FullyQualifiedErrorId : PowerShellGalleryUnavailable,Get-PSGalleryApiAvailability
</code></pre>
So running it with -Debug gets me this (with some cruft removed):<br />
<pre><code class="lang-powershell">
PS C:\Users\Al>Update-Module -Debug
DEBUG: 00:00:47.3393273 Source 'https://www.powershellgallery.com/api/v2' is not one of the 'NuGet' provider.
...SNIP....
VERBOSE: An error occurred while sending the request.
VERBOSE: Retry downloading 'https://www.powershellgallery.com/api/v2' for '2' more times
VERBOSE: An error occurred while sending the request.
VERBOSE: Retry downloading 'https://www.powershellgallery.com/api/v2' for '1' more times
VERBOSE: An error occurred while sending the request.
VERBOSE: Retry downloading 'https://www.powershellgallery.com/api/v2' for '0' more times
WARNING: Unable to resolve package source 'https://www.powershellgallery.com/api/v2'.
...SNIP...</code></pre>
Interesting. Let's check that the repository is good first:<br />
<pre><code class="lang-powershell">
PS C:\Users\Al> Get-PSRepository
WARNING: MSG:UnableToDownload «https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409» «»
WARNING: Unable to download the list of available providers. Check your internet connection.
Name InstallationPolicy SourceLocation
---- ------------------ --------------
PSGallery Untrusted https://www.powershellgallery.com/api/v2
</code></pre>
OK, it looks good, but that warning is odd. The firewall logs showed successful connections to www.powershellgallery.com, so it wasn't access out to the internet. Let's try to install the module again.<br />
<pre><code class="lang-powershell">
PS C:\Users\Al> Install-Module -Name Az
WARNING: Unable to resolve package source 'https://www.powershellgallery.com/api/v2'.
PackageManagement\Install-Package : No match was found for the specified search criteria and module name 'Az'. Try
Get-PSRepository to see all available registered module repositories.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1772 char:21
+ ... $null = PackageManagement\Install-Package @PSBoundParameters
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Ex
ception
+ FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage
</code></pre>
Bother. At this point, having found three different error messages and being able to download the URLs in the warnings using IE, I looked at some Wireshark dumps and noticed that while IE was using TLS1.2, this PowerShell session was not, and the server side was failing to complete the connection. Time to enforce TLS1.2 in the PowerShell session with this command:
<br />
<pre><code class="lang-powershell">
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
</code></pre>
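To go with the one-liner above, an added example (not from the post): it adds TLS 1.2 to whatever the session already allows rather than replacing the whole set, probes the gallery endpoint, and shows the machine-wide SchUseStrongCrypto setting that makes the .NET Framework default include TLS 1.2, so the line does not have to live in every script. The strong-crypto registry values are Microsoft's documented setting, not something from the post.

```powershell
# Added example, not code from the post.
function Enable-Tls12ForSession {
    # -bor keeps anything already enabled; a plain assignment would silently drop other protocols.
    $before = [Net.ServicePointManager]::SecurityProtocol
    [Net.ServicePointManager]::SecurityProtocol = $before -bor [Net.SecurityProtocolType]::Tls12
    [pscustomobject]@{ Before = $before; After = [Net.ServicePointManager]::SecurityProtocol }
}

function Test-PSGalleryReachable {
    # Succeeds only if the TLS handshake and HTTP request both complete.
    param([string]$Uri = 'https://www.powershellgallery.com/api/v2')
    try {
        $r = Invoke-WebRequest -Uri $Uri -UseBasicParsing -TimeoutSec 15
        return ($r.StatusCode -ge 200 -and $r.StatusCode -lt 400)
    } catch {
        Write-Warning "Gallery probe failed: $($_.Exception.Message)"
        return $false
    }
}

function Enable-StrongCryptoMachineWide {
    # SchUseStrongCrypto=1 under the .NET 4 key (and its Wow6432Node twin for 32-bit processes)
    # makes new .NET Framework processes negotiate TLS 1.2 by default. Needs an elevated session.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $keys = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
    foreach ($key in $keys) {
        if ((Test-Path -Path $key) -and $PSCmdlet.ShouldProcess($key, 'Set SchUseStrongCrypto = 1')) {
            Set-ItemProperty -Path $key -Name SchUseStrongCrypto -Value 1 -Type DWord
        }
    }
}

Enable-Tls12ForSession
if (Test-PSGalleryReachable) { 'Gallery reachable over TLS 1.2' }
Enable-StrongCryptoMachineWide -WhatIf   # drop -WhatIf to make it stick for new processes
```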
Rerun Update-Module and it works. I'm not sure what I might have done to stop it working; perhaps a GPO or some such set PowerShell to default to TLS1.1 or 1.0, or perhaps PowerShellGallery turned off TLS1.0 and 1.1 support (smart move). You can Google that one to find a better place to put that line so it sticks for each session.
<p><b>Online Archive missing in Outlook after Office ProPlus upgrade</b><br />Al Sheppard, 2019-03-12</p>
We recently upgraded a bunch of users from Office 2013 / 2016 Professional Plus to Office 2016 ProPlus using our O365 E3 licences. A bunch of users, both on-prem and in O365, could no longer see their Online Archive in their Outlook. The online archive was gone, kaput, missing, absent, you get the idea.<br />
<br />
Interestingly, it did show up in their Outlook Online / on-prem webmail however.<br />
<br />
This pointed to their Office 2016 KMS licence key from the previous install as the probable cause. A check of the current licences a user had looked like:<br />
<br />
<pre><code class="lang-cmd">c:\windows\system32\cscript.exe "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus</code></pre>
<blockquote class="tr_bq">
<span style="font-family: inherit;">---Processing--------------------------<br />---------------------------------------<br />PRODUCT ID: xxxxx-xxxxx-xxxxx-xxxxx<br />SKU ID: d450596f-894d-49e0-966a-fd39ed4c4c64<br />LICENSE NAME: Office 16, Office16ProPlusVL_KMS_Client edition<br />LICENSE DESCRIPTION: Office 16, VOLUME_KMSCLIENT channel<br />BETA EXPIRATION: 1/01/1601<br />LICENSE STATUS: ---LICENSED---<br />REMAINING GRACE: 178 days (257459 minute(s) before expiring)<br />Last 5 characters of installed product key: abcde<br />Activation Type Configuration: ALL<br /> KMS machine name from DNS: x.x.x.x:1688<br /> Activation Interval: 120 minutes<br /> Renewal Interval: 10080 minutes<br /> KMS host caching: Enabled<br />---------------------------------------<br />---------------------------------------<br />---Exiting----------------------------- </span></blockquote>
Hmmm, an old licence in there. Not sure why it would cause issues, but it's not the one they should have for O365. So, delete the licence with this command, using the last 5 characters of the installed product key from the output above:<br />
<pre><code class="lang-cmd">c:\windows\system32\cscript.exe "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /unpkey:abcde</code></pre>
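The two ospp.vbs commands above wrapped in PowerShell, as an added example (not the post's own script): /dstatus output is parsed into objects and the KMS client licences flagged, so the key passed to /unpkey is chosen from data rather than read off the screen. The ospp.vbs path is the 32-bit Office16 one from the post; the sample output is constructed in the shape the post shows.

```powershell
# Added example, not code from the post. Parses "ospp.vbs /dstatus" and drives "/unpkey".
$OsppPath = 'C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs'   # 64-bit Office: drop " (x86)"

function ConvertFrom-OsppStatus {
    # Each licence block in /dstatus starts at PRODUCT ID and ends at the "Last 5 characters" line.
    param([Parameter(Mandatory)][string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        switch -Regex ($line.Trim()) {
            '^PRODUCT ID:\s*(\S+)' {
                $current = [ordered]@{ ProductId = $Matches[1]; SkuId = $null; LicenseName = $null
                                       Channel = $null; Status = $null; KeyTail = $null; IsKmsClient = $false }
            }
            '^SKU ID:\s*(\S+)'              { if ($current) { $current.SkuId       = $Matches[1] } }
            '^LICENSE NAME:\s*(.+)$'        { if ($current) { $current.LicenseName = $Matches[1] } }
            '^LICENSE DESCRIPTION:\s*(.+)$' { if ($current) { $current.Channel     = $Matches[1] } }
            '^LICENSE STATUS:\s*(.+)$'      { if ($current) { $current.Status      = $Matches[1] } }
            '^Last 5 characters of installed product key:\s*(\S+)' {
                if ($current) {
                    $current.KeyTail     = $Matches[1]
                    $current.IsKmsClient = $current.Channel -match 'KMSCLIENT'
                    [pscustomobject]$current
                    $current = $null
                }
            }
        }
    }
}

function Get-OsppLicence {
    param([string]$Path = $OsppPath)
    ConvertFrom-OsppStatus -Lines (& cscript.exe //nologo $Path /dstatus)
}

function Remove-OsppKey {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]{5}$')][string]$KeyTail,
          [string]$Path = $OsppPath)
    if ($PSCmdlet.ShouldProcess("product key ending $KeyTail", 'ospp.vbs /unpkey')) {
        & cscript.exe //nologo $Path "/unpkey:$KeyTail"
    }
}

# Constructed sample in the shape of the post's /dstatus output, so the parser can be seen working offline.
$sample = @'
---Processing--------------------------
---------------------------------------
PRODUCT ID: xxxxx-xxxxx-xxxxx-xxxxx
SKU ID: d450596f-894d-49e0-966a-fd39ed4c4c64
LICENSE NAME: Office 16, Office16ProPlusVL_KMS_Client edition
LICENSE DESCRIPTION: Office 16, VOLUME_KMSCLIENT channel
LICENSE STATUS: ---LICENSED---
Last 5 characters of installed product key: abcde
---------------------------------------
---Exiting-----------------------------
'@ -split "`r?`n"
ConvertFrom-OsppStatus -Lines $sample | Format-List

# On a real machine: list the KMS client licences and remove them (drop -WhatIf to do it).
# Get-OsppLicence | Where-Object IsKmsClient | ForEach-Object { Remove-OsppKey -KeyTail $_.KeyTail -WhatIf }
```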
Restart Outlook and, provided the user has a proper E3 / E5 licence, the Online Archive should be visible.
<p><b>Errors reinstalling MS Advanced Threat Analytics</b><br />Al Sheppard, 2018-08-07</p>
When our MS ATA server was set up, we had to choose a certificate to use for the encrypted communications between domain controllers and the ATA server. So we picked the default computer cert issued by our internal PKI, which was valid for another year.<br />
<br />
What we forgot was that this certificate expires and renews itself. This would have been recoverable had it been noticed before the server was rebooted, but it wasn't. Because the old cert was gone, we couldn't start the ATA services and the domain controllers were no longer talking to the ATA server. We rebuilt the ATA server and tried to reinstall the agents on the DCs. Perhaps there is an easier way....<br />
<br />
This is where the problems started on our Server Core DCs. Sometimes the agent would uninstall and sometimes not. It wouldn't upgrade, however.<br />
<br />
So, in order of things I tried to remove the agent:<br />
<br />
With the new agent install executable in the current directory, try<br />
<pre><code class="lang-cmd">"Microsoft ATA Gateway Setup.exe" /quiet /uninstall</code></pre>
If that didn't work, start a PowerShell and use the WMI:<br />
<pre><code class="lang-powershell">$app = Get-WmiObject -Class Win32_Product -Filter "Name = 'Microsoft Advanced Threat Analytics Gateway'"
$app.uninstall()
</code></pre>
<br />
If it's still installed, there are log files (<span style="font-family: "courier new" , "courier" , monospace;">Microsoft Advanced Threat Analytics Gateway_yyyymmddtime.log</span>) for each installation attempt of the agent in your %temp% (or one directory up, like <span style="font-family: "courier new" , "courier" , monospace;">C:\Users\al\AppData\Local\Temp</span>) that make for some reading, like:<br />
<br />
<blockquote class="tr_bq" style="font-family: Calibri; margin: 0in;">
<span style="font-size: x-small;">.....<br />[0410:0C24][2018-08-07T14:10:58]i000: 2018-08-07 02:10:58.6626 1040 5 Debug [DeploymentModel] [DeploymentAction=Upgrade]<br />[0410:0C24][2018-08-07T14:10:59]i000: 2018-08-07 02:10:59.1313 1040 5 Error [GatewayBootstrapperApplication] Failed to create deployment manager [exception=System.ArgumentNullException: Value cannot be null.<br />Parameter name: path1<br /> at System.IO.Path.Combine(String path1, String path2)<br /> at Microsoft.Tri.Gateway.Deployment.Bundle.UI.Application.GatewayUpgradeDeploymentConfiguration.GetMandatoryConfiguration(String installationPath)<br /> at Microsoft.Tri.Gateway.Deployment.Bundle.UI.Application.GatewayUpgradeDeploymentConfiguration..ctor(Engine engine, String installationPath)<br /> at Microsoft.Tri.Gateway.Deployment.Bundle.UI.Application.GatewayDeploymentModel.CreateDeploymentConfiguration(Engine engine)<br /> at Microsoft.Tri.Deployment.Bundle.UI.Application.DeploymentModel..ctor(BootstrapperApplication bootstrapperApplication, ProductComponent productComponent, String productFullShortName, String productFullLongName, String productFullLongDisplayName)<br /> at Microsoft.Tri.Gateway.Deployment.Bundle.UI.Application.GatewayDeploymentModel..ctor(BootstrapperApplication bootstrapperApplication)<br /> at Microsoft.Tri.Gateway.Deployment.Bundle.UI.Application.GatewayBootstrapperApplication.CreateDeploymentModel()<br /> at Microsoft.Tri.Deployment.Bundle.UI.Application.BootstrapperApplication`1.Run()]<br />.....</span></blockquote>
<br />
<br />
This one was fixed by going to "<span style="font-family: "courier new" , "courier" , monospace;">C:\ProgramData\Package Cache</span>" and searching for *.exe (<span style="font-family: "courier new" , "courier" , monospace;">dir *.exe /s</span>). You'll see some GUIDs and file names like "<span style="font-family: "courier new" , "courier" , monospace;">Microsoft ATA Gateway Setup.exe</span>"; then run the uninstall command with the path including the GUID:<br />
<pre><code class="lang-cmd">"C:\ProgramData\Package Cache\{GUID}\Microsoft ATA Gateway Setup.exe" /uninstall</code></pre>
Repeat for each version of that EXE you find under that directory. That should do it.<br />
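<p>The Package Cache step above, scripted as an added example (not code from the post): it finds every cached copy of the ATA Gateway bootstrapper, runs each one's quiet uninstall with -WhatIf support, and then checks that the install directory is empty, which is the directoryState=NotEmpty condition the second log excerpt complains about. Paths are the ones the post names.</p>

```powershell
# Added example, not code from the post. Run elevated on the DC.
function Get-AtaGatewaySetupCache {
    # Every cached bootstrapper lives under a GUID-named folder; report its path and file version.
    param([string]$CacheRoot = 'C:\ProgramData\Package Cache')
    Get-ChildItem -Path $CacheRoot -Filter 'Microsoft ATA Gateway Setup.exe' -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object FullName, @{ n = 'Version'; e = { $_.VersionInfo.FileVersion } }
}

function Uninstall-AtaGatewayFromCache {
    # Runs "<cached exe> /quiet /uninstall" for each copy found and reports the exit code of each.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$CacheRoot = 'C:\ProgramData\Package Cache')
    foreach ($exe in Get-AtaGatewaySetupCache -CacheRoot $CacheRoot) {
        if ($PSCmdlet.ShouldProcess($exe.FullName, 'Run /quiet /uninstall')) {
            $proc = Start-Process -FilePath $exe.FullName -ArgumentList '/quiet', '/uninstall' -Wait -PassThru
            [pscustomobject]@{ Path = $exe.FullName; Version = $exe.Version; ExitCode = $proc.ExitCode }
        }
    }
}

function Test-AtaGatewayInstallPathClean {
    # True when the install root is absent or empty; leftovers here produce directoryState=NotEmpty.
    param([string]$InstallRoot = 'C:\Program Files\Microsoft Advanced Threat Analytics')
    if (-not (Test-Path -Path $InstallRoot)) { return $true }
    @(Get-ChildItem -Path $InstallRoot -Recurse -Force -ErrorAction SilentlyContinue).Count -eq 0
}

Get-AtaGatewaySetupCache | Format-Table -AutoSize
Uninstall-AtaGatewayFromCache -WhatIf        # drop -WhatIf to actually run the uninstalls
if (-not (Test-AtaGatewayInstallPathClean)) {
    Write-Warning 'Install directory still has content; clear it before reinstalling or the log will show directoryState=NotEmpty'
}
```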
<br />
Finally, go and delete the contents of "C:\Program Files\Microsoft Advanced Threat Analytics\Gateway" then remove the directories "Gateway" and "Microsoft Advanced Threat Analytics" otherwise you get errors in that log like:<br />
<br />
<blockquote class="tr_bq" style="font-family: Calibri; margin: 0in;">
<span style="font-size: x-small;">[13BC:1244][2018-08-07T14:15:33]i000: 2018-08-07 02:15:33.5655 5052 5 Debug [DeploymentModel] [DeploymentAction=Install]<br />[13BC:1244][2018-08-07T14:15:33]i000: 2018-08-07 02:15:33.8155 5052 5 Debug [DeploymentModel] [IsAfterRestartAndConfigured=False]<br />[13BC:1244][2018-08-07T14:15:37]i000: 2018-08-07 02:15:37.1749 5052 5 Error [DeploymentManager] InstallationPath is invalid [directoryState=NotEmpty]<br />[13BC:1244][2018-08-07T14:15:37]i000: 2018-08-07 02:15:37.1905 5052 5 Debug [GatewayBootstrapperApplication] Engine.Quit [deploymentResultStatus=1602 isRestartRequired=False]</span></blockquote>
<br />
You are then free to reinstall the agent with:<br />
<pre><code class="lang-cmd">"Microsoft ATA Gateway Setup.exe" /quiet NetFrameworkCommandLineArguments="/q"</code></pre>
<p><b>Error 2150858882 with Event Log Forwarding</b><br />Al Sheppard, 2018-02-22</p>
After setting up a GPO for the event log forwarding service to use https instead of http to talk to our collector, with the recommended settings of server, refresh and issuerCA, I kept getting this 105 error in the Eventlog-ForwardingPlugin log on my workstations:<br />
<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">The forwarder is having a problem communicating with subscription manager at address https://mycollector.alsheppard.com:5986/wsman/SubscriptionManager/WEC. Error code is 2150858882 and Error Message is .</span></blockquote>
That's it, no error message. Frustrating. However, removing the IssuerCA value and leaving the server and refresh values in the GPO's SubscriptionManager line seems to have resulted in a happy event forwarding service.<br />
<br />
I would also check Kerberos is set up on the listening server, or at least the SPN exists.<br />
<br />
<p><b>Voice mail in Outlook 2013 won't Play on Phone</b><br />Al Sheppard, 2014-11-13</p>
We have users who are trialling Office 365 for their email but use an on-premise Lync 2013 phone system. When they get a voice mail in their Outlook 2013 (with and without SP1), there is a Play on Phone option that is meant to ring their phone and play the voice mail.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6X459KhC9DEZkRxM2P8M8cg0sM9Nq2Ids9auzStWlkyvi87J1UEO_ZilM1LlX39Qm-BYD4EAPno_grhHJOLv302eXFGsveB04_YBW53MZnQXkN1CBRFBb3pYllPo7Tgg_fAZVstIkpMs/s1600/Voicemail.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6X459KhC9DEZkRxM2P8M8cg0sM9Nq2Ids9auzStWlkyvi87J1UEO_ZilM1LlX39Qm-BYD4EAPno_grhHJOLv302eXFGsveB04_YBW53MZnQXkN1CBRFBb3pYllPo7Tgg_fAZVstIkpMs/s400/Voicemail.png" width="400" /></a></div>
However, when they click on that, the following error pops up.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinngH6ut2KMqLB_ntimqnhdOklMWbJlkIpCDhCNTasik6b9Q-8I0iyZnveDOVRUM8cDpZpkvFnB857ZafRoCdUYcAyBUCsCeKDWio22L-Ej5dlbsjm7MJNW_ASrFABtbABDGq9LS9sSsY/s1600/UMError.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="148" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinngH6ut2KMqLB_ntimqnhdOklMWbJlkIpCDhCNTasik6b9Q-8I0iyZnveDOVRUM8cDpZpkvFnB857ZafRoCdUYcAyBUCsCeKDWio22L-Ej5dlbsjm7MJNW_ASrFABtbABDGq9LS9sSsY/s400/UMError.png" width="400" /></a></div>
<blockquote class="tr_bq">
The Microsoft Exchange Unified Messaging service cannot be contacted to play messages on your phone. Try again later. If this problem continues, contact your Exchange administrator or support organisation.</blockquote>
Being that I administer our Exchange 2010, I got lumped with finding out why it wasn't working. It took a while to check certificates etc. between the Lync servers, the UM servers, the CAS boxes and the O365 end points, and they all looked fine. There were no error messages in any server logs either.<br />
<br />
Interestingly, if I did the same "Play on phone" action from the Office 365 Outlook Web interface it worked, meaning that at least from off site the certificates were fine and everything was talking. After another look at the client with Wireshark, I noticed that there was no network traffic at all when you click the button, which led me to look at the Outlook client. A few hotfix tests later, it seems that <a href="http://support.microsoft.com/kb/2880477" target="_blank">KB2880477</a> is the answer.<br />
<br />
There is no mention of the issue in that KB but the version of the Outlook 2013 SP1 add-in "Microsoft Exchange Add-in"'s UmOutlookAddin.dll changed from 15.0.4569.1503 to 15.0.4629.1000 and the Play on Phone now works.<br />
<p><b>Changing the Federation Service name in ADFS 3.0</b><br />Al Sheppard, 2014-07-23</p>
I was configuring a Windows Server 2012 R2 server with ADFS to talk to Office 365 and set it up with the wrong name (fs.alsheppard.com) instead of the desired sts.alsheppard.com. Easy, I thought, I'll just go and change it in the ADFS config and test it. Nope, that didn't work. Ok, I'll Google it. Nope, NOTHING about changing the Federation Service name in ADFS 3.0 (as at March 2014).<br />
<br />
So, how I fixed it (in my mythical alsheppard.com domain).<br />
<br />
<ul>
<li>In the AD FS mmc tool, on the right is the "Edit Federation Service Properties" and change the FS name and identifier. </li>
<li>Add the new DNS name sts.alsheppard.com to point to the same IP address as the fs.alsheppard.com</li>
<li>Update the certificate that it uses. In PowerShell, run "Update-ADFSCertificate". This will generate the new token-decrypting certificate and token-signing certificate that you can see in the MMC (under AD FS -> Service -> Certificates). The fs.alsheppard.com certificate is still the primary.</li>
<li>In the GUI, notice that you can't swap the primary and secondary around yet. In PowerShell, run "Set-ADFSProperties -AutoCertificateRollover $false".</li>
<li>In the GUI again, make the new sts.alsheppard.com certificate the primary and delete the old fs.alsheppard.com certificates in both sections.</li>
<li>In PowerShell, run "Set-ADFSProperties -AutoCertificateRollover $true".</li>
<li>In ADUC, change the SPN value on the ADFS farm service account from "host/fs.alsheppard.com" to "host/sts.alsheppard.com".</li>
<li>In PowerShell again, type "Get-ADFSSslCertificate"; this should show three certificates, two for the fs.alsheppard.com hostname and one for localhost. Copy the CertificateHash and use it here: "Set-ADFSSslCertificate -Thumbprint &lt;CertificateHash&gt;". Run Get-ADFSSslCertificate again and there should be 5 certificates now: one for localhost, two for the old name and two for the new name. <b>This must be done on each server in the farm.</b></li>
<li>In the mmc, change the Device Registration Service identifier too (AD FS -> Trust Relationships -> Relying Party Trusts).</li>
<li>Restart the ADFS service.</li>
</ul>
That should be about it. Test it by going to "https://sts.alsheppard.com/adfs/ls/idpinitiatedsignon" and seeing if you can log in. If not, check that the ADFS farm service account has read rights to the user account you are testing with.<br />
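The PowerShell steps from the list above collected into one script, as an added example and not the post's own: it does the rename from fs.alsheppard.com to sts.alsheppard.com in the order the list gives, with the MMC certificate swap done by cmdlet instead of in the GUI. It assumes the ADFS module on a 2012 R2 farm node, that the SSL certificate already covers the new name, and a placeholder service account; the MMC-only steps (Federation Service Properties, the DRS identifier) and the DNS record are not covered.

```powershell
# Added example, not the post's script. Run elevated on a farm node after the MMC and DNS steps.
$OldName        = 'fs.alsheppard.com'
$NewName        = 'sts.alsheppard.com'
$ServiceAccount = 'ALSHEPPARD\svc-adfs'   # placeholder: the ADFS farm service account

# New token-signing and token-decrypting certificates for the new name; they arrive as secondaries.
Update-AdfsCertificate

# ADFS-managed certificates cannot be changed while rollover is on, hence off, swap, on again.
Set-AdfsProperties -AutoCertificateRollover $false
foreach ($type in 'Token-Signing', 'Token-Decrypting') {
    $certs = @(Get-AdfsCertificate -CertificateType $type)
    $old   = @($certs | Where-Object { $_.IsPrimary })
    $new   = @($certs | Where-Object { -not $_.IsPrimary })
    if ($old.Count -ne 1 -or $new.Count -ne 1) {
        throw "$type: expected one primary and one secondary, found $($old.Count)/$($new.Count); sort it out in the MMC"
    }
    Set-AdfsCertificate    -CertificateType $type -Thumbprint $new[0].Thumbprint -IsPrimary
    Remove-AdfsCertificate -CertificateType $type -Thumbprint $old[0].Thumbprint
}
Set-AdfsProperties -AutoCertificateRollover $true

# Move the host SPN from the old name to the new one (the ADUC step, done with setspn).
setspn -d "host/$OldName" $ServiceAccount
setspn -s "host/$NewName" $ServiceAccount

# Re-apply the SSL certificate so bindings for the new hostname are created. Per farm server.
$hash = (Get-AdfsSslCertificate | Where-Object { $_.HostName -eq $OldName } | Select-Object -First 1).CertificateHash
if (-not $hash) { throw "No SSL binding found for $OldName on this server" }
Set-AdfsSslCertificate -Thumbprint $hash
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash -AutoSize   # expect old + new names

Restart-Service -Name adfssrv
```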
<br />
In hindsight, deleting the farm, wiping the farm server and restarting from scratch would have been about as easy.<br />
<br />
Edited 20150908 to change the Set-ADFSProperties certificate rollover, thanks anonymous commenter!